An access discovery method and system discovers and stores the proper access protocol for each device on a network. The discovery process includes progressively sequencing through state transitions until a successful access protocol sequence is determined, and an access script corresponding to this sequence is stored for subsequent access to the device. Preferably, the protocol-discovery algorithm is modeled as a state table that includes a start state and two possible terminal states: success and failure. A state machine executes the state table until a terminal state is reached; if the terminal state is a failure, the system backtracks to attempt an alternative sequence. The process continues until the success state is reached or until all possible sequences are executed without success. An exemplary state model is provided that has been shown to be effective for modeling network devices from a variety of vendor devices.
|
1. A system comprising:
an access protocol model that is configured to model a plurality of access protocols, and
an access protocol discovery module that uses the access protocol model to discover an access protocol that allows accessing a device on a network, wherein
the access protocol model is configured to model the plurality of access protocols as a state machine model, and
the state machine model includes a plurality of states, and each access protocol is defined by a sequence of transitions between select states.
12. A method comprising:
providing, to an access device, an access protocol model that is configured to model a plurality of access protocols, and
attempting, by the access device, to access a device on a network by processing the access protocol model to discover an access protocol that allows accessing the device, wherein
the access protocol model is configured to model the plurality of access protocols as a state machine model, and
the state machine model includes a plurality of states, and each access protocol is defined by a sequence of transitions between select states.
22. A computer program stored on a non-transient computer readable medium, which, when executed by a processor, causes the processor to:
receive an access protocol model that is configured to model a plurality of access protocols, and
attempt to access a device on a network by processing the access protocol model to discover an access protocol that allows accessing the device, wherein
the access protocol model is configured to model the plurality of access protocols as a state machine model, and
the state machine model includes a plurality of states, and each access protocol is defined by a sequence of transitions between select states.
2. The system of
3. The system of
4. The system of
5. The system of
a Connect state that serves as an initial state of the sequence,
a Username state wherein an identification of a user is communicated to the device,
a Password state wherein a password of the user is communicated to the device,
an Enable state wherein a command is communicated to the device, requesting that a higher level of access by enabled, and
an Enable Password state wherein a second password of the user is communicated to the device to gain the higher level of access.
6. The system of
a Success state that identifies a final state of the sequence that defines an access protocol, and
a Failure state that identifies a final state of a sequence that does not define an access protocol.
7. The system of
8. The system of
execute an action of an action-response pair corresponding to a transition from the state,
receive a device response from the device, and
transition to a next state based on whether the device response corresponds to an expected response of the action-response pair.
9. The system of
10. The system of
11. The system of
13. The method of
15. The method of
a Connect state that serves as an initial state of the sequence,
a Username state wherein an identification of a user is communicated to the device,
a Password state wherein a password of the user is communicated to the device,
an Enable state wherein a command is communicated to the device, requesting that a higher level of access by enabled, and
an Enable Password state wherein a second password of the user is communicated to the device to gain the higher level of access.
16. The method of
a Success state that identifies a final state of the sequence that defines an access protocol, and
a Failure state that identifies a final state of a sequence that does not define an access protocol.
17. The method of
18. The method of
processing the state machine model by:
entering a state of the plurality of states,
executing an action of an action-response pair corresponding to a transition from the state,
receiving a device response from the device, and
transitioning to a next state based on whether the device response corresponds to an expected response of the action-response pair.
19. The method of
20. The method of
each transition of the possible transitions includes a parameter that affects an order in which the possible transitions are selected for consideration within the state.
21. The method of
23. The computer program of
24. The computer program of
a Connect state that serves as an initial state of the sequence,
a Username state wherein an identification of a user is communicated to the device,
a Password state wherein a password of the user is communicated to the device,
an Enable state wherein a command is communicated to the device, requesting that a higher level of access by enabled, and
an Enable Password state wherein a second password of the user is communicated to the device to gain the higher level of access.
25. The computer program of
a Success state that identifies a final state of the sequence that defines an access protocol, and
a Failure state that identifies a final state of a sequence that does not define an access protocol.
26. The computer program of
27. The computer program of
entering a state of the plurality of states,
executing an action of an action-response pair corresponding to a transition from the state,
receiving a device response from the device, and
transitioning to a next state based on whether the device response corresponds to an expected response of the action-response pair.
28. The computer program of
29. The computer program of
30. The computer program of
|
This application claims the benefit of U.S. Provisional Patent Application 60/709,770, filed 19 Aug. 2005.
This invention relates to the field of network management, and in particular to a system that facilitates access to network devices using a variety of authentication/access schemes.
To adequately manage a network, access must often be gained to devices of the network, to determine and/or modify their configuration, obtain diagnostic information, monitor their performance, and so on.
In order to gain access to a network device, an authentication process is typically required, which generally includes the execution of a pre-defined access protocol. The access protocol is generally specific to each device, or device type, as determined by the vendor, and is also often dependent upon the particular configuration of the device, such as whether it is configured for Telnet, Secure Shell, or SNMP, and so on.
In
In
Often, the management of a network requires modification to many network devices. For example, to enhance security, the authentication parameters (username, password, community string) of some or all of the network devices may be changed periodically. Applying changes to many devices manually can be very tedious and error prone, and an automation of the process would reduce the tedium and errors. Other tasks, such as system diagnosis tasks that require knowledge of device configurations, would also benefit from automation tools that automatically collect such configuration information. However, to use such automation processes, access must be provided to each device being modified or monitored, and the disparate access protocols among device types introduces a substantial hurdle to such tasks.
It is an objective of this invention to provide a method and system to facilitate gaining access to a variety of different network devices. It is a further objective of this invention to provide a method and system to facilitate the creation of authentication/access protocol scripts for a variety of different network devices. It is a further objective of this invention to facilitate the creation of authentication/access protocol scripts to support future devices or standards.
These objects, and others, are achieved by a method and system that discovers and stores the proper access protocol for each device on a network. The discovery process includes progressively sequencing through state transitions until a successful access protocol sequence for a device is determined. When a successful access sequence is determined, a sequence script corresponding to this sequence is stored for subsequent access to the device. Preferably, the protocol-discovery algorithm is modeled as a state table that includes a start state and two possible terminal states: success and failure. A state machine executes the state table until a terminal state is reached; if the terminal state is a failure, the system backtracks to attempt an alternative sequence. The process continues until the success state is reached or until all possible sequences are executed without success. An exemplary state model is provided that has been shown to be effective for modeling network devices from a variety of vendor devices, as are techniques for generating protocol scripts based on this model, or others.
The invention is explained in further detail, and by way of example, with reference to the accompanying drawings wherein:
Throughout the drawings, the same reference numerals indicate similar or corresponding features or functions. The drawings are included for illustrative purposes and are not intended to limit the scope of the invention.
In the following description, for purposes of explanation rather than limitation, specific details are set forth such as the particular architecture, interfaces, techniques, etc., in order to provide a thorough understanding of the concepts of the invention. However, it will be apparent to those skilled in the art that the present invention may be practiced in other embodiments, which depart from these specific details. In like manner, the text of this description is directed to the example embodiments as illustrated in the Figures, and is not intended to limit the claimed invention beyond the limits expressly included in the claims. For purposes of simplicity and clarity, detailed descriptions of well-known devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
Before gaining control of a network device, the system determines whether the network device is accessible 211. There are many ways to determine if the network device is accessible, such as sending ICMP echo messages to the network device. In a preferred embodiment of this invention, a sequence of different techniques are attempted until a response is received, including ICMP echo, SNMP, and pinging for well-known ports. Examples of some of the well known ports include: port 7 assigned to echo port; port 23 used by telnet protocol; port 22 used by secure shell (ssh) protocol; and port 80 used by http protocol for web access.
After determining that the network device is accessible, the system determines the authentication scheme that is to be used 212, preferably including telnet, secure shell protocol, and the SNMP protocol. The system determines which of these authentication schemes are supported by the device and stores this information. If more than one authentication scheme is available for the network device, user defined priorities are used to select which access scheme to use.
Upon determination and/or selection of an authentication scheme, the system provides information to authenticate the system to the device 213. As noted above, the authentication protocol information and sequence varies among devices. Some network devices require only a password to gain control of the network device, whereas other devices require a username and password and, in some cases, an additional super-user or privileged password, to gain control of the network device. Other devices may only require a login name. The set of authentication information and the communication sequence/protocol is dependent on the particular device, and typically varies for each vendor and sometimes for each device type with a vendor's product line.
If the system properly identifies itself as being entitled to access to the network device, both the system and the network device agree upon the completion of the authentication process 214, and the network device provides control to the system to perform any further network management tasks. This transfer of control is generally signaled by the use of a different prompt symbol by the network device.
If the appropriate prompt is received by the system, the system proceeds to engage in privileged transactions 215, such as receiving or modifying the configuration of the device, receiving diagnostic information, and so on. On the other hand, if the authentication fails, the accessing system initiates another authentication script and reattempts the authentication 213.
As discussed above, the system of this invention attempts to gain access to a network device by executing, or attempting to execute, an authentication sequence that is appropriate for the given device. In accordance with an aspect of this invention, the system is configured to progressively attempt authentication by dynamically creating possible protocol scripts. The term script is used herein to identify the portion of the protocol sequence provided by the accessing system. As also noted above, the different authentication sequences include differences in both information content as well as the sequence used to provide the information sequence.
The authentication process can be modeled using a state transition model.
In
If the appropriate “login:” 310, “password:” 320, and “>” 340 prompts are not received in the appropriate sequence of states, this indicates that the authentication process using this state diagram does not provide a successful access and the system enters a failed state F. This failure may be caused by any of a variety of causes, based on the responses from the device. The device may not send the anticipated response because an unauthorized login name 315 or password 325 had been sent by the system; or, the device may not send the anticipated response because it uses an access protocol that does not correspond to the state diagram of
In a simple embodiment of this invention, a state diagram corresponding to each known device type can be created, and the system can be configured to execute these state diagrams in sequence. Each time a failure state is reached, a next state diagram is initiated until a success state is eventually reached, or until all state diagrams have been attempted.
In accordance with another aspect of this invention, a ‘universal’ state diagram model is defined, and the system is configured to execute this state diagram to discover the access sequence for each device; when the proper access sequence for each device is discovered, the script that effects this sequence is saved for subsequent access to the device.
In a preferred embodiment, each step in the authentication procedure is modeled as a State “s” in the model. Each state “s” is associated with an Action “a” to be performed on the network device and a response “r” returned by the network device for the executed action. All the possible states constitute the State Set, S={s1, s2, . . . , sn}. All the possible actions constitute the Action Set, A={a1, a2, . . . , am}. There is a one-to-many correspondence between the actions and the states, i.e., an action can be associated with more than one state. The set of accepted state transitions is defined as “T={wp(a,r)→q}, p, q εS and p≠q, a εA, r is the response received from the network device and w is the weight associated with making the state transition. The possible state transitions chosen from a given state is dependent on the response received and action performed at that state. Each response can be associated with multiple state transitions. To accommodate this, each state transition “t” is associated with a weight “w”. The weight helps in determining the choices made with respect to the state transitions at each state. The lower the weight the higher the priority choosing that state transition. The set of possible states and its associated actions along with the set of accepted state transitions collectively form the state machine. A device access script is defined as the set of state transitions performed to take the process from the Connect state to either a Success or Failure state.
The seven states used in the example universal model of access protocols are defined below.
Connect State: This is the initial state in the generation of the device access script. In this state a connection is established with the network device using one of the pre-determined authentication schemes. Once the connection is established, we wait for the initial prompt sent by the network device.
Username State: In this state, the process sends the username to the network device for authentication. Once the username is sent the network device generally prompts for the “Password” associated with the username.
Password State: In this state, the process sends the password to the network device for authentication. Once the password is authenticated against the network device, the network device generally responds back with the prompt that signals authenticated access, and gives control to the user. Although most of the network devices associate a password along with a username, there are many network devices that do not follow this, such as the device of
Enable State: In this state, the process sends the command that enables advancing to a higher access level of the network device, to request for super user privileges to the network device.
Enable Password State or Privileged Password State: In this state, the process sends the enable password to the network device. Once the network device authenticates the enable password, it generally grants super user privileges to the process.
Failure State: If for any reason, the network device reports errors or does not support any of the commands, it informs the process about the errors. This results in the process unable to complete the authentication procedure and results in the failure state. This state may include an action to record the sequence that led to this state, for diagnostic purposes, as discussed further below.
Success State: This is the final state in the successful generation of the device access protocol script. Once the process has reached this state, it has found the set of state transitions that will lead to a successful authentication procedure. Preferably, this state includes an action to record an identifier of the device and the sequence that led to this state, to facilitate creation of an access protocol script for this device, as discussed further below.
A variety of possible transitions between states are identified in the model of
At 410 of
Continuing the example of a device that uses an access protocol as illustrated in
From the Password state of
Note that a device having an access protocol of
In a preferred embodiment, it has been found that the primary device-related actions associated with each transition can be modeled as one of the following four actions.
Connect Action: This action is executed only in the Connect State. A connection to the network device is activated based on the pre-determined authentication scheme. The network device responds with the initial prompt, which is stored as the response as part of an action-response pair that defines a transition from this state.
Disconnect Action: This action is executed upon reaching the Success State, or after exhausting all access attempts. Typically, the discovery, creation, and storage of an access protocol for a network device is conducted as an independent action, and therefore the connection that was established to the device during this process can be disconnected once the protocol is successfully discovered, or upon exhausting all possibilities. This action also typically includes the storage of the access protocol, with appropriate linkage to the network device, if the access was successful, or the storage of diagnostic information, if the access was unsuccessful, and other administrative tasks.
Send Action: This is the most common action performed at the various states. The action includes sending a response/command to the network device. Once the network device processes the response/command, it is expected to send its response, typically in the form of a prompt.
No Action: Some states may not require an action to be performed with regard to the network device, such as the failure state.
As noted above, the universal model of
In this example embodiment, the actions for each state are stored independent of the transition conditions of each state, because as noted above, in the example embodiment, entry into a given state effects the action, regardless of the subsequent response from the device. Alternative structures to support different state-action-response-transition relationships will be evident to one of ordinary skill in the art. The segment 510 illustrates the definition of the action to be performed upon entering the USERNAME_STATE 511. The action is a SEND_ACTION 512, defined above as the sending of a response/command to the network device, which response/command in this example is the $USERNAME 513, the “$” indicating an indirect access to a location that contains the accessing system's user name. Not illustrated, if the user uses different user names for different devices, a preprocessor will typically be configured to load the appropriate user name at this defined location at the start of the discovery process for each target device.
The segments 520 and 530 illustrate example definitions of transitions, corresponding to transitions 4 and 5 in
To effect StateTransition_4 521, from the USERNAME_STATE 522 to the PASSWORD_STATE 523, the received response must match the match conditions 524, corresponding to the “expected?” test 440 of
If the “password:” or “enter password:” response is not received, the system will check for other possible matches, corresponding to other transitions. At segment 530, “StateTransition—5” 531, the match condition for transitioning to the “ENABLE STATE” 533 is given as a “&” 534; if a “&” is received from the device while in the “USERNAME STATE” 532, the system will transition to the “ENABLE STATE”, corresponding to transition 5 in
As noted above, each transition is allocated a weight for determining the order in which to attempt each transition. If the match conditions of each transition are disjoint, such as match conditions 524 and 534, the priority has no effect, because only the transition that includes a match to the received response will be enabled, regardless of order in which the transitions/matchings are attempted. However, if different transitions from the same state include one or more common match conditions, such as match conditions 534 and 544, and the response corresponds to a common match condition, such as in the above example of receiving a “&” response, the first attempted transition will be the first executed transition. In this example, StateTransition_5 531 is given a priority of “50” 535, and StateTransition_6 541 is given a priority of “70” 545, and therefore StateTransition_5 will be attempted first. This choice of giving priority to StateTransition_5 531 may be based on a variety of factors; in this example, entry to the “ENABLE_STATE” is preferable because, as discussed above, the “ENABLE_STATE” allows the system to attempt to gain ‘superuser’ access to the device. If this attempt to gain ‘superuser’ access fails, the system will backtrack and eventually reenter the “USERNAME_STATE”. Upon reentry, the system will have recorded that StateTransition_5 was unsuccessful, will attempt StateTransistion_6, and, upon receipt of an “&”, will transition to the “SUCCESS_STATE” 543, corresponding to transition 6 in
The choice of priorities may also be based on other factors, such as heuristics that indicate likely paths to the success state, such as a heuristic that indicates that most device access protocols call for a password after providing a username, or, the priority may be based on heuristics specific to the particular network, and so on. For example, most networks include common families of devices, because the same vendor is generally used when networks are initially created. If it is known or determinable that a particular network primarily contains devices with a more common protocol, the priority of transitions corresponding to this protocol may be given a higher priority. Similarly, some transitions may be identified as a ‘last resort’, wherein even though the transition may eventually lead to a success state, other transitions are always preferred.
One of ordinary skill in the art will recognize that other priority schemes may be used as well; for example, the order in which the state transition definitions appear in the model could determine which transitions are attempted first, and so on. Similarly, one of ordinary skill in the art will recognize that the priority parameter need not be ‘static’, and heuristics and other learning system techniques can be used to dynamically adjust the priority ordering based on experiences within a given network or other factors.
An accessing system 630 is preferably configured to determine whether a device access script 650 is available for accessing a target network device 640. If the script is available, it is used to access the device 640; otherwise, the accessing system 630 is configured to use an access protocol discovery module 620 to discover the access protocol for the target device 640.
The access protocol discovery module 620 is configured to use the information contained in a universal access protocol model 610 to discover a viable access protocol sequence for accessing a network device 640 from an accessing system 630, as detailed above. When a successful access protocol is found, it is stored as a device access script 650 for subsequent access to this device. For example, an access file may be maintained that includes the IP address of each device 640 in the network, and a pointer to a device access script 650 for this device. Optionally, the device type or device model name may be stored, as well, so that other devices on the network corresponding to this type or model may also use the same device access script in lieu of discovering the access protocol for each of these devices.
An example device access script 650 is illustrated as a structured text file in
In a preferred embodiment of this invention, the access protocol discovery module 620 is configured to proceed through the various states of the access protocol model 610 until the success state is reached, or until a failure is reached. If a failure occurs, the system backtracks to the last state that has a not-yet-tried transition for the current sequence. For example, if the system progresses to the Enable state in
Also in a preferred embodiment, the record of one or more of the attempted sequences for a given device is stored (690 in
The foregoing merely illustrates the principles of the invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements which, although not explicitly described or shown herein, embody the principles of the invention and are thus within the spirit and scope of the following claims.
In interpreting these claims, it should be understood that:
d) several “means” may be represented by the same item or hardware or software implemented structure or function;
e) each of the disclosed elements may be comprised of hardware portions (e.g., including discrete and integrated electronic circuitry), software portions (e.g., computer programming), and any combination thereof;
f) hardware portions may be comprised of one or both of analog and digital portions;
g) any of the disclosed devices or portions thereof may be combined together or separated into further portions unless specifically stated otherwise;
h) no specific sequence of acts is intended to be required unless specifically indicated; and
i) the term “plurality of” an element includes two or more of the claimed element, and does not imply any particular range of number of elements; that is, a plurality of elements can be as few as two elements, and can include an immeasurable number of elements.
Sivaramakrishna Iyer, Krishnan
Patent | Priority | Assignee | Title |
Patent | Priority | Assignee | Title |
5774551, | Aug 07 1995 | Oracle America, Inc | Pluggable account management interface with unified login and logout and multiple user authentication services |
6611499, | Mar 18 1999 | AT&T Corp. | Method for measuring the availability of router-based connectionless networks |
6950875, | May 09 2000 | Oracle America, Inc | Message conductors in a distributed computing environment |
7085814, | Jun 11 1999 | Rovi Technologies Corporation | Data driven remote device control model with general programming interface-to-network messaging adapter |
7215976, | Nov 30 2001 | Google Technology Holdings LLC | RFID device, system and method of operation including a hybrid backscatter-based RFID tag protocol compatible with RFID, bluetooth and/or IEEE 802.11x infrastructure |
7274934, | Feb 16 2001 | Commil USA LLC | Wireless private branch exchange (WPBX) and communicating between mobile units and base stations |
7412518, | May 09 2000 | Oracle America, Inc | Method and apparatus for proximity discovery of services |
7418486, | Jun 06 2003 | Microsoft Technology Licensing, LLC | Automatic discovery and configuration of external network devices |
7555550, | Jul 28 2003 | eTelemetry | Asset tracker for identifying user of current internet protocol addresses within an organization's communications network |
7577834, | May 09 2000 | Oracle America, Inc | Message authentication using message gates in a distributed computing environment |
7673340, | Jun 02 2004 | IGNITE ENTERPRISE SOFTWARE SOLUTIONS, LLC | System and method for analyzing system user behavior |
7848259, | Aug 01 2003 | RIVERBED TECHNOLOGY LLC | Systems and methods for inferring services on a network |
20020095571, | |||
20020150094, | |||
20040025018, | |||
20040230636, | |||
20050027851, | |||
20050102423, | |||
20050169186, | |||
20050198393, | |||
20080195726, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Aug 08 2006 | IYER, KRISHNAN SIVARAMAKRISHNA | OPNET Technologies, Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 018193 | /0825 | |
Aug 11 2006 | Opnet Technologies, Inc. | (assignment on the face of the patent) | / | |||
Dec 18 2012 | RIVERBED TECHNOLOGY, INC | MORGAN STANLEY & CO LLC | SECURITY AGREEMENT | 029646 | /0060 | |
Dec 18 2012 | OPNET Technologies, Inc | MORGAN STANLEY & CO LLC | SECURITY AGREEMENT | 029646 | /0060 | |
Apr 01 2013 | OPNET Technologies, Inc | OPNET TECHNOLOGIES LLC | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 030411 | /0310 | |
Apr 01 2013 | OPNET TECHNOLOGIES LLC | RIVERBED TECHNOLOGY, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 030459 | /0372 | |
Dec 20 2013 | RIVERBED TECHNOLOGY, INC | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | PATENT SECURITY AGREEMENT | 032421 | /0162 | |
Dec 20 2013 | MORGAN STANLEY & CO LLC, AS COLLATERAL AGENT | RIVERBED TECHNOLOGY, INC | RELEASE OF PATENT SECURITY INTEREST | 032113 | /0425 | |
Apr 24 2015 | JPMORGAN CHASE BANK, N A | RIVERBED TECHNOLOGY, INC | CORRECTIVE ASSIGNMENT TO CORRECT THE CONVEYING PARTY NAME PREVIOUSLY RECORDED ON REEL 035521 FRAME 0069 ASSIGNOR S HEREBY CONFIRMS THE RELEASE OF SECURITY INTEREST IN PATENTS | 035807 | /0680 | |
Apr 24 2015 | RIVERBED TECHNOLOGY, INC | MORGAN STANLEY SENIOR FUNDING, INC , AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 035561 | /0363 | |
Apr 24 2015 | BARCLAYS BANK PLC | RIVERBED TECHNOLOGY, INC | RELEASE OF SECURITY INTEREST IN PATENTS | 035521 | /0069 | |
Dec 31 2020 | RIVERBED TECHNOLOGY, INC | ALTER DOMUS US LLC, AS COLLATERAL AGENT | PATENT SECURITY AGREEMENT | 055514 | /0249 | |
Apr 20 2021 | ATERNITY LLC | MACQUARIE CAPITAL FUNDING LLC | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 056397 | /0750 | |
Apr 20 2021 | RIVERBED TECHNOLOGY, INC | MACQUARIE CAPITAL FUNDING LLC | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 056397 | /0750 | |
Apr 20 2021 | RIVERBED HOLDINGS, INC | MACQUARIE CAPITAL FUNDING LLC | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 056397 | /0750 | |
Oct 12 2021 | MACQUARIE CAPITAL FUNDING LLC | ATERNITY LLC | RELEASE OF SECURITY INTEREST IN PATENTS RECORED AT REEL 056397, FRAME 0750 | 057983 | /0356 | |
Oct 12 2021 | MACQUARIE CAPITAL FUNDING LLC | RIVERBED TECHNOLOGY, INC | RELEASE OF SECURITY INTEREST IN PATENTS RECORED AT REEL 056397, FRAME 0750 | 057983 | /0356 | |
Oct 12 2021 | MACQUARIE CAPITAL FUNDING LLC | RIVERBED HOLDINGS, INC | RELEASE OF SECURITY INTEREST IN PATENTS RECORED AT REEL 056397, FRAME 0750 | 057983 | /0356 | |
Oct 13 2021 | ATERNITY LLC | WILMINGTON TRUST, NATIONAL ASSOCIATION | PATENT SECURITY AGREEMENT | 057943 | /0386 | |
Oct 13 2021 | RIVERBED TECHNOLOGY, INC | WILMINGTON TRUST, NATIONAL ASSOCIATION | PATENT SECURITY AGREEMENT | 057943 | /0386 | |
Oct 13 2021 | ATERNITY LLC | ALTER DOMUS US LLC, AS COLLATERAL AGENT | PATENT SECURITY AGREEMENT SUPPLEMENT - SECOND LIEN | 057810 | /0559 | |
Oct 13 2021 | RIVERBED TECHNOLOGY, INC | ALTER DOMUS US LLC, AS COLLATERAL AGENT | PATENT SECURITY AGREEMENT SUPPLEMENT - SECOND LIEN | 057810 | /0559 | |
Oct 13 2021 | RIVERBED HOLDINGS, INC | ALTER DOMUS US LLC, AS COLLATERAL AGENT | PATENT SECURITY AGREEMENT SUPPLEMENT - SECOND LIEN | 057810 | /0559 | |
Oct 13 2021 | ATERNITY LLC | MORGAN STANLEY SENIOR FUNDING, INC , AS COLLATERAL AGENT | PATENT SECURITY AGREEMENT SUPPLEMENT - FIRST LIEN | 057810 | /0502 | |
Oct 13 2021 | RIVERBED TECHNOLOGY, INC | MORGAN STANLEY SENIOR FUNDING, INC , AS COLLATERAL AGENT | PATENT SECURITY AGREEMENT SUPPLEMENT - FIRST LIEN | 057810 | /0502 | |
Oct 13 2021 | RIVERBED HOLDINGS, INC | MORGAN STANLEY SENIOR FUNDING, INC , AS COLLATERAL AGENT | PATENT SECURITY AGREEMENT SUPPLEMENT - FIRST LIEN | 057810 | /0502 | |
Dec 07 2021 | WILMINGTON TRUST, NATIONAL ASSOCIATION, AS U S COLLATERAL AGENT | ATERNITY LLC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS | 058593 | /0169 | |
Dec 07 2021 | RIVERBED TECHNOLOGY, INC | RIVERBED TECHNOLOGY LLC | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 059232 | /0551 | |
Dec 07 2021 | ALTER DOMUS US LLC, AS COLLATERAL AGENT | RIVERBED TECHNOLOGY, INC | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 064673 | /0739 | |
Dec 07 2021 | ALTER DOMUS US LLC, AS COLLATERAL AGENT | ATERNITY LLC | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 064673 | /0739 | |
Dec 07 2021 | WILMINGTON TRUST, NATIONAL ASSOCIATION, AS U S COLLATERAL AGENT | RIVERBED TECHNOLOGY, INC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS | 058593 | /0169 | |
Dec 07 2021 | ALTER DOMUS US LLC, AS COLLATERAL AGENT | ATERNITY LLC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS | 058593 | /0108 | |
Dec 07 2021 | ALTER DOMUS US LLC, AS COLLATERAL AGENT | RIVERBED TECHNOLOGY, INC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS | 058593 | /0108 | |
Dec 07 2021 | MORGAN STANLEY SENIOR FUNDING, INC , AS COLLATERAL AGENT | ATERNITY LLC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS | 058593 | /0046 | |
Dec 07 2021 | MORGAN STANLEY SENIOR FUNDING, INC , AS COLLATERAL AGENT | RIVERBED TECHNOLOGY, INC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS | 058593 | /0046 | |
Dec 07 2021 | ATERNITY LLC | WILMINGTON TRUST, NATIONAL ASSOCIATION, AS U S COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 058486 | /0216 | |
Dec 07 2021 | RIVERBED TECHNOLOGY LLC FORMERLY RIVERBED TECHNOLOGY, INC | WILMINGTON TRUST, NATIONAL ASSOCIATION, AS U S COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 058486 | /0216 | |
Dec 07 2021 | ALTER DOMUS US LLC, AS COLLATERAL AGENT | RIVERBED HOLDINGS, INC | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 064673 | /0739 |
Date | Maintenance Fee Events |
Oct 17 2013 | ASPN: Payor Number Assigned. |
Jan 11 2016 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Jan 09 2020 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Jan 10 2024 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
Date | Maintenance Schedule |
Jul 24 2015 | 4 years fee payment window open |
Jan 24 2016 | 6 months grace period start (w surcharge) |
Jul 24 2016 | patent expiry (for year 4) |
Jul 24 2018 | 2 years to revive unintentionally abandoned end. (for year 4) |
Jul 24 2019 | 8 years fee payment window open |
Jan 24 2020 | 6 months grace period start (w surcharge) |
Jul 24 2020 | patent expiry (for year 8) |
Jul 24 2022 | 2 years to revive unintentionally abandoned end. (for year 8) |
Jul 24 2023 | 12 years fee payment window open |
Jan 24 2024 | 6 months grace period start (w surcharge) |
Jul 24 2024 | patent expiry (for year 12) |
Jul 24 2026 | 2 years to revive unintentionally abandoned end. (for year 12) |